CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-46825
https://notcve.org/view.php?id=CVE-2021-46825
07 Jul 2022 — Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Symantec Advanced Secure Gateway (ASG) y ProxySG son susceptibles a una vulnerabilidad de desincronización HTTP.... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20638 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 8%CPEs: 5EXPL: 0CVE-2018-5241
https://notcve.org/view.php?id=CVE-2018-5241
29 May 2018 — Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, ASG and ProxySG incorrectly handle XML nodes with comments. A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentica... • http://www.securityfocus.com/bid/104282 •
CVSS: 8.0EPSS: 1%CPEs: 29EXPL: 0CVE-2016-9097
https://notcve.org/view.php?id=CVE-2016-9097
11 May 2017 — The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. Las consolas de administración Advanced Secure Gateway (ASG) versiones 6.6 anteriores a 6.6.... • http://www.securityfocus.com/bid/101530 • CWE-264: Permissions, Privileges, and Access Controls •